Why use a nginx proxmox proxy using letsencrypt ssl? 1st: why not? 2nd: Load balancing! Nginx is built to handle many concurrent connections at the same time from multitude of clients. This makes it ideal for being the point-of-contact for said clients. The server can pass requests to any number of backend servers to handle the bulk of the work, which spreads the load across your infrastructure. This design also provides you with flexibility in easily adding backend servers or taking them down as needed for maintenance. 3rd: Security! Many times Nginx can be secured to not allow access to certain parts of the underlying application so life doesnt throw you a curveball at 3AM on December 24th 2006(dont ask 🙁 ). 4th: Port firewall constraints! Sometimes you need to access an application on port 34563 but firewall doesn’t allow access on random ports. You can allow incoming connections on port 80 via nginx but proxy them to the app on 34563. 5th: seriously… why not….. Now you know why we may want nginx as a frontend proxy for our underlying app. so let’s get to setting it up for our use case which is to protect proxmox from bad actors! and to provide reliable access to our proxmox for ourselves. We are going to setup nginx to forward all traffic from port 80 to port 443 where letsencrypt will provide us with ssl encrypted access! Install nginx light instead of full, so you have a smaller set of utilities but also a lighter install. you can install […]
Category Archives: nginx
Letsencrypt ssl cert for mumble
I needed to set up a mumble server for a friends minecraft community. The Mumble software uses a client–server architecture which allows users to talk to each other via the same server. It has a very simple administrative interface and features high sound quality and low latency where possible. All communication is encrypted to make sure user privacy using either a self signed cert or a cert purchased via a vendor. The great thing about Mumble is that it’s free and open-source software, is cross-platform, and is released under the terms of the new BSD license. Since letsencrypt is awesome and provides completely free certs to the end users, I figured it would be perfect to use in this attempt. So I started on the road to acquire a letsencrypt ssl cert for mumble. First we need to acquire the letsencrypt client. for this you need git. git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto certonly –standalone –standalone-supported-challenges tls-sni-01 A text / curses bases dialogue will start. it will ask you to input your domain(s) you want a cert for. If you want multiple domains or multiple subdomains at the same time just separate them via a space or a comma, follow the prompts and it will install your cert in /etc/letsencrypt/live/<domain>/cert.pem. So far so good! now you need to install murmur/mumble-server on your machine. I would like to tell you how to do it but due to the nature of software it might change, the best way to do it is via checking the official mumble wiki for info […]